[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.0' (ECDSA) to the list of known hosts. syzkaller login: [ 33.883500] audit: type=1400 audit(1588710771.189:8): avc: denied { execmem } for pid=6322 comm="syz-executor292" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 34.144642] IPVS: ftp: loaded support on port[0] = 21 [ 35.001790] chnl_net:caif_netlink_parms(): no params data found [ 35.105293] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.111989] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.119592] device bridge_slave_0 entered promiscuous mode [ 35.127292] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.133780] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.140699] device bridge_slave_1 entered promiscuous mode [ 35.158016] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 35.166944] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 35.185698] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 35.192887] team0: Port device team_slave_0 added [ 35.198739] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 35.206184] team0: Port device team_slave_1 added [ 35.221800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.228499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.254520] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.266137] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.272388] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.297762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.308411] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 35.316100] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 35.386221] device hsr_slave_0 entered promiscuous mode [ 35.423230] device hsr_slave_1 entered promiscuous mode [ 35.463605] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 35.470669] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 35.537841] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.544493] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.551532] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.558115] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.590371] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 35.597336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.606012] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 35.615684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 35.635134] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.642214] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.652695] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 35.660054] 8021q: adding VLAN 0 to HW filter on device team0 [ 35.668761] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 35.676906] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.683306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.694094] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 35.701884] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.708293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.722656] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 35.732398] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 35.742096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 35.753572] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 35.765005] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 35.775736] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 35.781751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 35.789822] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 35.803657] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 35.810949] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 35.818004] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 35.828373] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 35.884731] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 35.894897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 35.929126] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 35.936880] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 35.944503] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 35.954781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 35.962212] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 35.971035] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 35.980467] device veth0_vlan entered promiscuous mode [ 35.989315] device veth1_vlan entered promiscuous mode [ 35.995727] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 36.004985] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 36.011502] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 36.019667] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 36.027874] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 36.041115] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 36.050305] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 36.057276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 36.065131] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 36.075585] device veth0_macvtap entered promiscuous mode [ 36.081660] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 36.090458] device veth1_macvtap entered promiscuous mode [ 36.096974] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 36.106702] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 36.116471] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 36.126091] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 36.133609] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.140645] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 36.148302] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 36.155708] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 36.163557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 36.174340] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 36.181341] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.188955] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 36.197300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 36.342659] BUG: spinlock recursion on CPU#1, syz-executor292/6323 [ 36.349121] lock: 0xffff888097c24868, .magic: dead4ead, .owner: syz-executor292/6323, .owner_cpu: 1 [ 36.358446] CPU: 1 PID: 6323 Comm: syz-executor292 Not tainted 4.14.179-syzkaller #0 [ 36.366445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.376407] Call Trace: [ 36.379008] dump_stack+0x13e/0x194 [ 36.382637] do_raw_spin_lock+0x1cd/0x230 [ 36.386767] dev_mc_sync+0x10b/0x1c0 [ 36.390458] ? vlan_dev_set_mac_address+0x5c0/0x5c0 [ 36.395458] vlan_dev_set_rx_mode+0x38/0x80 [ 36.399767] __dev_set_rx_mode+0x191/0x2a0 [ 36.403980] dev_uc_unsync+0x16c/0x1c0 [ 36.407845] bond_hw_addr_flush+0x5c/0xe0 [ 36.411967] ? bond_set_dev_addr.isra.0+0xb0/0xb0 [ 36.416785] bond_enslave+0x1e53/0x49e0 [ 36.420736] ? bond_update_slave_arr+0x6c0/0x6c0 [ 36.425467] ? rtmsg_ifinfo_event.part.0+0x9a/0xc0 [ 36.430371] ? rtmsg_ifinfo+0x64/0x80 [ 36.434155] ? __dev_notify_flags+0x110/0x210 [ 36.438623] ? dev_change_name+0x990/0x990 [ 36.442829] ? bond_update_slave_arr+0x6c0/0x6c0 [ 36.447556] do_set_master+0x19e/0x200 [ 36.451517] rtnl_newlink+0x1319/0x1720 [ 36.455468] ? trace_hardirqs_on+0x10/0x10 [ 36.459711] ? rtnl_link_unregister+0x1f0/0x1f0 [ 36.464703] ? lock_acquire+0x170/0x3f0 [ 36.468660] ? lock_acquire+0x170/0x3f0 [ 36.472616] ? rtnetlink_rcv_msg+0x31d/0xb10 [ 36.477011] ? __lock_is_held+0xad/0x140 [ 36.481088] ? lock_downgrade+0x6e0/0x6e0 [ 36.485208] ? rtnl_link_unregister+0x1f0/0x1f0 [ 36.489848] rtnetlink_rcv_msg+0x3be/0xb10 [ 36.494084] ? rtnl_bridge_getlink+0x7a0/0x7a0 [ 36.498659] ? netdev_pick_tx+0x2e0/0x2e0 [ 36.502780] ? skb_clone+0x11c/0x310 [ 36.506496] ? save_trace+0x290/0x290 [ 36.510270] netlink_rcv_skb+0x127/0x370 [ 36.514324] ? rtnl_bridge_getlink+0x7a0/0x7a0 [ 36.518878] ? netlink_ack+0x980/0x980 [ 36.522741] netlink_unicast+0x437/0x620 [ 36.526777] ? netlink_attachskb+0x600/0x600 [ 36.531156] netlink_sendmsg+0x733/0xbe0 [ 36.535206] ? netlink_unicast+0x620/0x620 [ 36.539476] ? SYSC_sendto+0x2b0/0x2b0 [ 36.543386] ? security_socket_sendmsg+0x83/0xb0 [ 36.548309] ? netlink_unicast+0x620/0x620 [ 36.552516] sock_sendmsg+0xc5/0x100 [ 36.556306] ___sys_sendmsg+0x70a/0x840 [ 36.560263] ? copy_msghdr_from_user+0x380/0x380 [ 36.565023] ? trace_hardirqs_on+0x10/0x10 [ 36.569230] ? save_trace+0x290/0x290 [ 36.573003] ? trace_hardirqs_on+0x10/0x10 [ 36.577236] ? find_held_lock+0x2d/0x110 [ 36.581279] ? __might_fault+0x104/0x1b0 [ 36.585331] ? lock_acquire+0x170/0x3f0 [ 36.589440] ? lock_downgrade+0x6e0/0x6e0 [ 36.593589] ? __might_fault+0x177/0x1b0 [ 36.597624] ? _copy_to_user+0x82/0xd0 [ 36.601495] ? __fget_light+0x16a/0x1f0 [ 36.605452] ? sockfd_lookup_light+0xb2/0x160 [ 36.609943] __sys_sendmsg+0xa3/0x120 [ 36.613719] ? SyS_shutdown+0x160/0x160 [ 36.617670] ? move_addr_to_kernel+0x60/0x60 [ 36.622059] SyS_sendmsg+0x27/0x40 [ 36.625605] ? __sys_sendmsg+0x120/0x120 [ 36.629648] do_syscall_64+0x1d5/0x640 [ 36.633528] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 36.638697] RIP: 0033:0x444159 [ 36.641861] RSP: 002b:00007ffe1d1ae9a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 36.649540] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000000444159 [ 36.656783] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000010 [ 36.664026] RBP: 0000000001b60914 R08: 0000000000000003 R09: 0000000000000003 [ 36.671267] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000013 [ 36.678512] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000